xloader

General

Target

00aa65bb6c94d28f04933ebc90a56bf75d62ac3cd246afa1ef60d671a40ee978.zip
Size

299KB
Sample

210924-n5z13sghb4
MD5

bead7a59737448e6ef9c0db98eb2571d
SHA1

4100c0d645d136de96da7d373e668f853700f809
SHA256

a3b44997bc49506912360e2dfbcf708a400c555efd6841246e499a83ebf12232
SHA512

98af08dd406ddd3ddfd51cd1caf43da9975f5e980a4bf16d7c0e52a693d614738da9a5154b33218584e575c6facb537b03b49b8ac6f016bf32b272cb702f1aca

Score

10^/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

chg

C2

http://www.chiaketo.com/chg/

Decoy

worldvaypg.com

cremationprosguiding.info

counterpub.com

steamed-chicken.com

bethhavencemetery.com

wanda12.com

thejdot.com

juliusbuckley.com

realloveawaitsnow.com

healthandenergyadvisors.com

stockholmfasadputs.com

uvsafetysolutions.com

mamucosmetic.com

konoozalyemen.com

grillschalen.com

zljmys.com

paradseautos.com

home360.asia

domentemenegi37.com

farazahmadosama.com

Targets

- Target
  
  B1o.exe
- Size
  
  614KB
- MD5
  
  5e3dc4e700d55cb8232bdbeade8ca8ad
- SHA1
  
  8a4c46e292dafb7db736c03f784a997b6dece9aa
- SHA256
  
  00aa65bb6c94d28f04933ebc90a56bf75d62ac3cd246afa1ef60d671a40ee978
- SHA512
  
  6b1d6e010c303ea7663f33d82255eea9f0c0c2b941301788b3e811138c1f08021b922e4a63426b2f3deb00d5b36e4d2eed3ea640a7562998836b87e2bfa02cf9
Score

10^/10

xloader chg loader persistence rat spyware stealer
- Xloader
  Xloader is a rebranded version of Formbook malware.
  loader xloader
- Xloader Payload
  rat
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Xloader Payload

Blocklisted process makes network request

Reads user/profile data of web browsers

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2